Cyber-Criminals Rent or Buy What They Need: It's Cheap!

Trend Micro researchers analyzed Russian underground forums and sites and found two dozen basic and fundamental tools and technologies criminals can use to enhance their criminal enterprises. The services include dedicated servers, malware, and hacking services.

Underground forums offer cyber-criminals a diverse array of products and services to enhance their criminal enterprises. With prices falling, it's easier than ever to embark on the life of cyber-crime.

So says the latest research paper from Trend Micro. Researchers analyzed Russian underground forums and sites and found two dozen basic and fundamental tools and technologies available for sale, Trend Micro's Max Goncharov wrote in the paper released Tuesday. Criminals have access to products and services including dedicated servers, proxy servers, VPN services, social engineering services and hacking services, Goncharov found.

Researchers found programming services and software sales were the most popular services offered on Russian forums, Trend Micro found. Other popular services were hacking, dedicated server sales and bulletproof-hosting, spam and flooding services, including call and SMS flooding, download sales, distributed denial of service attacks, traffic sales, file encryption, Trojans, and exploit sales, according to the report.

The Trend Micro paper covered only "the most basic and fundamental tools" criminals offer to other aspiring criminals. In many ways the Russian underground economy resemble real-world businesses, Goncharov wrote.

Programming ServicesThe cost of hiring a programmer to develop customized malware can vary depending on feature complexity, timeline, and other factors. Hiring a programmer to write a banking Trojan could be as expensive as $1,300, but writing fake software, such as antivirus clones, could cost only $15 to $20, Trend Micro said. A Trojan capable of modifying a Web page displayed in the browser would cost a mere $850.

Off-the-shelf software included Trojans, spammers, distributed denial-of-service bots, and kits for Zeus and SpyEye, Goncharov said. Web applications written in PHP with a MySQL backend and programs written in C++ and C# were prevalent.

While services offering to develop malware are not new in the underground, researchers found more specialized offers coming onto the market. File crypting services, in which infected files or malware are modified to conceal them from security software, are available for as low as $10, according to the report. Specialized crypting services for Zeus range between $30 and $50. Trend Micro found a cyber-crime post offering file-stitching services, where a malicious .exe file is embedded into a .pdf file, for just $420.

HackingAccount hacking remains popular and the demand for hacking services is "enormous," Goncharov found. The most common targets remain email and social networking accounts, and methods vary, including brute-force attacks to guess passwords, guessing answers to secret questions, or exploiting Website vulnerabilities using SQL injection or cross-site scripting techniques. Some groups specialize in using sniffers, Trojans, phishing sites, and other social engineering tricks. Russian email domains and social networking sites are popular targets, and tools for breaking into Gmail, Hotmail, and Yahoo Mail are available at premium prices, according to Trend Micro.

Putting Together an EnterpriseAll the parts to put together a criminal enterprise is available online. Off-the-shelf and customized exploits are advertised on the forums, as well as pay-per-install services. The customer provides the malicious payload to a service provider to distribute as part of a download operation. Download services are priced based on the target country. Services offering 1,000 downloads from the United States will cost about $100 to $150, while Australian downloads can be as high as $300 to $550. Mixed-traffic services, with victims from various regions, are also available.

Criminals can also pay for traffic where the service providers use black hat search optimization tricks or other techniques to drive thousands of victims to the malicious site. Spamming services for mass distribution of messages are cheap, beginning at $10 for a million emails.

Servers are a "must in a cybercriminal operation," and dedicated servers are among the "most popular goods" available on the underground market, Goncharov wrote. Dedicated server hosting is usually available for $0.50 to $1 per server, and can be purchased in bundles of tens or hundreds at once.

Bulletproof-hosting services, where cyber-criminals can host whatever they want on a site without worrying about having it taken down, are widely available, Goncharov said. Bulletproof-hosting service with DDoS protection, a 1GB of Internet bandwidth and other features are available for about $2,000 a month, Trend Micro found.

The fact that it has gotten so cheap for criminals to set up operations means security companies and users have to be increasingly more vigilant in protecting their money and information on their devices from attack, Goncharov said. The attacks will only increase and the defenses need to be able to keep pace.

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Internet infrastructure, and open source.
Follow me on Twitter: zdfyrashid
More »